Monday, November 24, 2008 11:18 AM
cmosby
Malware in Lenovo - Viruslist Analyst's Diary
| Costin | November 21, 2008 | 21:37 GMT | comment  |
Some of you might have seen the
blogpost that our colleague Ryan Naraine has put at ZDNET about malware being distributed along with a pack of Lenovo Thinkpad drivers.
Here are some more details on that story. Working together with fellow researchers in Microsoft we discovered an URL that pointed to a file on IBM’s ftp site that looked like a false positive, so we sent them a ‘heads up’ message.
Careful analysis of the file, which was named ‘q3tsk04us13.exe’ (Lenovo Trust Key Software for WinXP) showed that the file in question did indeed contain a virus named Virus.Win32.Drowor.a. Luckily, the virus was broken and it didn’t work.
Naturally, we've notified IBM immediately – and IBM took the file offline.
We’d like to salute IBM's prompt response and to thank our friends at MS for their initial analysis!